Yesterday, I've received a variant of this exact dropper. Your analysis walkthrough helped my immensely in my triage.
Analyzing my sample, though, my assumption was that the Powershell code was hiding in a
An “AlternativeText” property (in my case: Shapes("jczu2zzzf8bnm").AlternativeText). But I couldn’t find a way of statically extracting the actual string from that field using any of your Python tools, and thus reverted to using the “strings” technique you’ve shown. Why can we not “find” the actual AlternativeText field and extract the string from it?
Furthermore, after opening the sample in a VM and running the macro code line-by-line, I still couldn’t find the Powershell code for some reason (Shapes("jczu2zzzf8bnm").AlternativeText returned an empty string).